signatures must have a reference, add a test for the location

steved · steved · commit 115ae0b24c3d · 2014-03-25T19:20:59.000-07:00
diff --git a/lib/samlr/assertion.rb b/lib/samlr/assertion.rb
@@ -18,12 +18,7 @@ def verify!
     def location
       @location ||= if !signature.missing?
         verify_signature!
-
-        if signature.references.any?
-          "//saml:Assertion[@ID='#{signature.references.first.uri}']"
-        else
-          raise SignatureError.new("Missing references inside checked signature")
-        end
+        "//saml:Assertion[@ID='#{signature.references.first.uri}']"
       else
         DEFAULT_LOCATION
       end
diff --git a/test/unit/test_response.rb b/test/unit/test_response.rb
@@ -20,6 +20,12 @@
     end
   end
 
+  describe "#location" do
+    it "should return proper assertion location" do
+      assert_equal "//saml:Assertion[@ID='samlr456']", subject.assertion.location
+    end
+  end
+
   describe "XSW attack" do
     it "should not validate if SAML response is hacked" do
       document = saml_response_document(:certificate => TEST_CERTIFICATE)
@@ -35,7 +41,7 @@
       response_signature.add_next_sibling(extensions)
       response_signature.remove()
 
-      modified_document.xpath("/samlp:Response/samlp:Extensions/saml:Assertion/ds:Signature", Samlr::NS_MAP).remove()
+      modified_document.xpath("/samlp:Response/samlp:Extensions/saml:Assertion/ds:Signature", Samlr::NS_MAP).remove
       modified_document.xpath("/samlp:Response/saml:Assertion/saml:Subject/saml:NameID", Samlr::NS_MAP).first.content="evil@example.org"
       modified_document.xpath("/samlp:Response/saml:Assertion", Samlr::NS_MAP).first["ID"] = "evil_id"
 
